package com.stx_1011;

import java.io.ObjectInputStream;
import java.io.Serializable;

public class User implements Serializable {
    private static final long serialVersionUID = 1L;

    private String name;
    private int age;
    private String gender;
    //将恶意代码放入
    private void readObject(ObjectInputStream in) throws Exception {
        in.defaultReadObject();
        System.out.println("反序列化对象");
        //Runtime.getRuntime().exec("calc.exe");
        //打开百度
        //Runtime.getRuntime().exec("cmd /c start https://www.baidu.com");
        //打开微信
        Runtime.getRuntime().exec("cmd /c start D:\\Weixin\\Weixin.exe");
    }
    // 构造函数
    public User(String name, int age, String gender) {
        this.name = name;
        this.age = age;
        this.gender = gender;
    }

    // Getter方法
    public String getName() {
        return name;
    }

    public int getAge() {
        return age;
    }

    public String getGender() {
        return gender;
    }

    @Override
    public String toString() {
        return "User{name='" + name + "', age=" + age + ", gender='" + gender + "'}";
    }
}
